From c5cd3ddab1e089ddc31b1878cb43ba06fd883ffb Mon Sep 17 00:00:00 2001 From: chenhanzhang Date: Fri, 6 Sep 2024 17:35:32 +0800 Subject: [PATCH] resource/alicloud_service_mesh_service_mesh: add new attribute kiali.integrate_clb etc. --- ...urce_alicloud_service_mesh_service_mesh.go | 523 +++++++++++++++--- alicloud/service_alicloud_service_mesh_v2.go | 44 +- .../r/service_mesh_service_mesh.html.markdown | 178 +++--- 3 files changed, 563 insertions(+), 182 deletions(-) diff --git a/alicloud/resource_alicloud_service_mesh_service_mesh.go b/alicloud/resource_alicloud_service_mesh_service_mesh.go index f7905b36f017..912c039241fe 100644 --- a/alicloud/resource_alicloud_service_mesh_service_mesh.go +++ b/alicloud/resource_alicloud_service_mesh_service_mesh.go @@ -1,7 +1,7 @@ -// Package alicloud. This file is generated automatically. Please do not modify it manually, thank you! package alicloud import ( + "encoding/json" "fmt" "log" "regexp" @@ -24,7 +24,7 @@ func resourceAliCloudServiceMeshServiceMesh() *schema.Resource { State: schema.ImportStatePassthrough, }, Timeouts: &schema.ResourceTimeout{ - Create: schema.DefaultTimeout(10 * time.Minute), + Create: schema.DefaultTimeout(5 * time.Minute), Update: schema.DefaultTimeout(10 * time.Minute), Delete: schema.DefaultTimeout(20 * time.Minute), }, @@ -72,6 +72,10 @@ func resourceAliCloudServiceMeshServiceMesh() *schema.Resource { Type: schema.TypeBool, Optional: true, }, + "kubeconfig": { + Type: schema.TypeString, + Computed: true, + }, "load_balancer": { Type: schema.TypeList, Optional: true, 
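Review bot: The new computed `kubeconfig` attribute in the `@@ -72,6 +72,10 @@` hunk is declared without `Sensitive: true`, so the cluster access material a kubeconfig typically carries would be shown in plan and apply output. I would declare it as `"kubeconfig": { Type: schema.TypeString, Computed: true, Sensitive: true },`. `Sensitive` only redacts display; the Read hunk at `@@ -934,6 +1123,10 @@` still writes the value to state in clear text, which the attribute's documentation should state. That Read hunk also discards the error from `d.Set("kubeconfig", ...)`, and the response that `objectRaw` holds at that point is assigned outside the visible lines.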
@@ -300,14 +304,117 @@ func resourceAliCloudServiceMeshServiceMesh() *schema.Resource { MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "aggregated_kiali_address": { + Type: schema.TypeString, + Computed: true, + }, + "integrate_clb": { + Type: schema.TypeBool, + Optional: true, + }, + "auth_strategy": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: StringInSlice([]string{"token", "openid", "ramoauth"}, false), + }, "enabled": { Type: schema.TypeBool, Optional: true, }, + "kiali_arms_auth_tokens": { + Type: schema.TypeString, + Optional: true, + }, + "open_id_config": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "issuer_uri": { + Type: schema.TypeString, + Optional: true, + }, + "client_secret": { + Type: schema.TypeString, + Optional: true, + }, + "scopes": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "client_id": { + Type: schema.TypeString, + Optional: true, + }, + }, + }, + }, "url": { Type: schema.TypeString, Computed: true, }, + "distributed_kiali_addresses": { + Type: schema.TypeString, + Computed: true, + }, + "use_populated_arms_prometheus": { + Type: schema.TypeBool, + Computed: true, + }, + "server_config": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "web_schema": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: StringInSlice([]string{"http", "https"}, false), + }, + "web_root": { + Type: schema.TypeString, + Optional: true, + }, + "web_fqdn": { + Type: schema.TypeString, + Optional: true, + }, + "web_port": { + Type: schema.TypeInt, + Optional: true, + }, + }, + }, + }, + "kiali_service_annotations": { + Type: schema.TypeString, + Optional: true, + }, + "distributed_kiali_access_tokens": { + Type: schema.TypeString, + Computed: true, + }, + "ram_oauth_config": { + 
Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "redirect_uris": { + Type: schema.TypeString, + Optional: true, + }, + }, + }, + }, + "custom_prometheus_url": { + Type: schema.TypeString, + Optional: true, + }, }, }, }, @@ -446,7 +553,7 @@ func resourceAliCloudServiceMeshServiceMeshCreate(d *schema.ResourceData, meta i return WrapError(err) } request = make(map[string]interface{}) - request["RegionId"] = client.RegionId + query["RegionId"] = client.RegionId if v, ok := d.GetOk("service_mesh_name"); ok { request["Name"] = v @@ -673,18 +780,30 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int return WrapError(err) } - d.Set("cluster_spec", objectRaw["ClusterSpec"]) + if objectRaw["ClusterSpec"] != nil { + d.Set("cluster_spec", objectRaw["ClusterSpec"]) + } serviceMeshInfo1RawObj, _ := jsonpath.Get("$.ServiceMeshInfo", objectRaw) serviceMeshInfo1Raw := make(map[string]interface{}) if serviceMeshInfo1RawObj != nil { serviceMeshInfo1Raw = serviceMeshInfo1RawObj.(map[string]interface{}) } - d.Set("create_time", serviceMeshInfo1Raw["CreationTime"]) - d.Set("edition", serviceMeshInfo1Raw["Profile"]) - d.Set("service_mesh_name", serviceMeshInfo1Raw["Name"]) - d.Set("status", serviceMeshInfo1Raw["State"]) - d.Set("version", serviceMeshInfo1Raw["Version"]) + if serviceMeshInfo1Raw["CreationTime"] != nil { + d.Set("create_time", serviceMeshInfo1Raw["CreationTime"]) + } + if serviceMeshInfo1Raw["Profile"] != nil { + d.Set("edition", serviceMeshInfo1Raw["Profile"]) + } + if serviceMeshInfo1Raw["Name"] != nil { + d.Set("service_mesh_name", serviceMeshInfo1Raw["Name"]) + } + if serviceMeshInfo1Raw["State"] != nil { + d.Set("status", serviceMeshInfo1Raw["State"]) + } + if serviceMeshInfo1Raw["Version"] != nil { + d.Set("version", serviceMeshInfo1Raw["Version"]) + } clusters1Raw := make([]interface{}, 0) if objectRaw["Clusters"] != nil { 
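Review bot: Three of the new kiali attributes in the `@@ -300,14 +304,117 @@` hunk hold secrets but are not marked `Sensitive: true`: `open_id_config.client_secret`, `kiali_arms_auth_tokens` and the computed `distributed_kiali_access_tokens`. Without the flag their values appear in plan diffs and CLI output whenever the block changes. Add `Sensitive: true,` to each of the three schema entries; the values are still stored in state, so this only redacts display. `web_port` is also accepted without a range check, which a validator limited to 1–65535 would catch at plan time.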
@@ -705,7 +824,11 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int extraConfigurationMaps = append(extraConfigurationMaps, extraConfigurationMap) } - d.Set("extra_configuration", extraConfigurationMaps) + if cRAggregationConfiguration1RawObj != nil { + if err := d.Set("extra_configuration", extraConfigurationMaps); err != nil { + return err + } + } loadBalancerMaps := make([]map[string]interface{}, 0) loadBalancerMap := make(map[string]interface{}) loadBalancer1RawObj, _ := jsonpath.Get("$.Spec.LoadBalancer", objectRaw) @@ -721,7 +844,11 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int loadBalancerMaps = append(loadBalancerMaps, loadBalancerMap) } - d.Set("load_balancer", loadBalancerMaps) + if loadBalancer1RawObj != nil { + if err := d.Set("load_balancer", loadBalancerMaps); err != nil { + return err + } + } meshConfigMaps := make([]map[string]interface{}, 0) meshConfigMap := make(map[string]interface{}) meshConfig1RawObj, _ := jsonpath.Get("$.Spec.MeshConfig", objectRaw) @@ -791,20 +918,6 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int controlPlaneLogMaps = append(controlPlaneLogMaps, controlPlaneLogMap) } meshConfigMap["control_plane_log"] = controlPlaneLogMaps - kialiMaps := make([]map[string]interface{}, 0) - kialiMap := make(map[string]interface{}) - kiali1RawObj, _ := jsonpath.Get("$.Spec.MeshConfig.Kiali", objectRaw) - kiali1Raw := make(map[string]interface{}) - if kiali1RawObj != nil { - kiali1Raw = kiali1RawObj.(map[string]interface{}) - } - if len(kiali1Raw) > 0 { - kialiMap["enabled"] = kiali1Raw["Enabled"] - kialiMap["url"] = kiali1Raw["Url"] - - kialiMaps = append(kialiMaps, kialiMap) - } - meshConfigMap["kiali"] = kialiMaps oPAMaps := make([]map[string]interface{}, 0) oPAMap := make(map[string]interface{}) oPA1RawObj, _ := jsonpath.Get("$.Spec.MeshConfig.OPA", objectRaw) 
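Review bot: Guarding `d.Set("extra_configuration", ...)` and `d.Set("load_balancer", ...)` behind a `RawObj != nil` check means that when the API response no longer contains the block, Read keeps the previous value in state instead of clearing it, so that kind of drift would go unnoticed. The same guard is used for `network` in `@@ -919,7 +1031,84 @@` and for the scalar fields in `@@ -673,18 +780,30 @@`. If the intent is to tolerate partial responses, a short comment saying so would help, e.g. `// keep prior state when the API omits LoadBalancer`. The new error paths also `return err` where the rest of the function uses `return WrapError(err)`.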
@@ -901,9 +1014,8 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int sidecarInjectorMaps = append(sidecarInjectorMaps, sidecarInjectorMap) } meshConfigMap["sidecar_injector"] = sidecarInjectorMaps - meshConfigMaps = append(meshConfigMaps, meshConfigMap) } - d.Set("mesh_config", meshConfigMaps) + networkMaps := make([]map[string]interface{}, 0) networkMap := make(map[string]interface{}) network1RawObj, _ := jsonpath.Get("$.Spec.Network", objectRaw) 
@@ -919,7 +1031,84 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int networkMap["vswitche_list"] = vSwitches1Raw networkMaps = append(networkMaps, networkMap) } - d.Set("network", networkMaps) + if network1RawObj != nil { + if err := d.Set("network", networkMaps); err != nil { + return err + } + } + + objectRaw, err = serviceMeshServiceV2.DescribeDescribeKialiConfiguration(d.Id()) + if err != nil { + return WrapError(err) + } + + kialiMaps := make([]map[string]interface{}, 0) + kialiMap := make(map[string]interface{}) + + kialiMap["aggregated_kiali_address"] = objectRaw["AggregatedKialiAddress"] + kialiMap["auth_strategy"] = objectRaw["AuthStrategy"] + kialiMap["custom_prometheus_url"] = objectRaw["CustomPrometheusUrl"] + kialiMap["distributed_kiali_access_tokens"] = objectRaw["DistributedKialiAccessTokens"] + kialiMap["distributed_kiali_addresses"] = objectRaw["DistributedKialiAddresses"] + kialiMap["enabled"] = objectRaw["Enabled"] + kialiMap["integrate_clb"] = objectRaw["IntegrateCLB"] + kialiMap["kiali_arms_auth_tokens"] = objectRaw["KialiArmsAuthTokens"] + kialiMap["kiali_service_annotations"] = objectRaw["KialiServiceAnnotations"] + kialiMap["url"] = objectRaw["KialiIstioIngressAddress"] + kialiMap["use_populated_arms_prometheus"] = objectRaw["UsePopulatedArmsPrometheus"] + + openIdConfigMaps := make([]map[string]interface{}, 0) + openIdConfigMap := make(map[string]interface{}) + openIdConfig1RawObj, _ := jsonpath.Get("$.OpenIdConfig", objectRaw) + openIdConfig1Raw := make(map[string]interface{}) + if openIdConfig1RawObj != nil { + openIdConfig1Raw = openIdConfig1RawObj.(map[string]interface{}) + } + if len(openIdConfig1Raw) > 0 { + openIdConfigMap["client_id"] = openIdConfig1Raw["ClientId"] + openIdConfigMap["client_secret"] = openIdConfig1Raw["ClientSecret"] + openIdConfigMap["issuer_uri"] = openIdConfig1Raw["IssuerUri"] + + scopes1Raw, _ := jsonpath.Get("$.OpenIdConfig.Scopes", objectRaw) + openIdConfigMap["scopes"] = 
scopes1Raw + openIdConfigMaps = append(openIdConfigMaps, openIdConfigMap) + } + kialiMap["open_id_config"] = openIdConfigMaps + ramOAuthConfigMaps := make([]map[string]interface{}, 0) + ramOAuthConfigMap := make(map[string]interface{}) + rAMOAuthConfig1RawObj, _ := jsonpath.Get("$.RAMOAuthConfig", objectRaw) + rAMOAuthConfig1Raw := make(map[string]interface{}) + if rAMOAuthConfig1RawObj != nil { + rAMOAuthConfig1Raw = rAMOAuthConfig1RawObj.(map[string]interface{}) + } + if len(rAMOAuthConfig1Raw) > 0 { + ramOAuthConfigMap["redirect_uris"] = rAMOAuthConfig1Raw["RedirectUris"] + + ramOAuthConfigMaps = append(ramOAuthConfigMaps, ramOAuthConfigMap) + } + kialiMap["ram_oauth_config"] = ramOAuthConfigMaps + serverConfigMaps := make([]map[string]interface{}, 0) + serverConfigMap := make(map[string]interface{}) + serverConfig1RawObj, _ := jsonpath.Get("$.ServerConfig", objectRaw) + serverConfig1Raw := make(map[string]interface{}) + if serverConfig1RawObj != nil { + serverConfig1Raw = serverConfig1RawObj.(map[string]interface{}) + } + if len(serverConfig1Raw) > 0 { + serverConfigMap["web_fqdn"] = serverConfig1Raw["WebFQDN"] + serverConfigMap["web_port"] = serverConfig1Raw["WebPort"] + serverConfigMap["web_root"] = serverConfig1Raw["WebRoot"] + serverConfigMap["web_schema"] = serverConfig1Raw["WebSchema"] + + serverConfigMaps = append(serverConfigMaps, serverConfigMap) + } + kialiMap["server_config"] = serverConfigMaps + kialiMaps = append(kialiMaps, kialiMap) + meshConfigMap["kiali"] = kialiMaps + meshConfigMaps = append(meshConfigMaps, meshConfigMap) + if err := d.Set("mesh_config", meshConfigMaps); err != nil { + return err + } objectRaw, err = serviceMeshServiceV2.DescribeListTagResources(d.Id()) if err != nil { @@ -934,6 +1123,10 @@ func resourceAliCloudServiceMeshServiceMeshRead(d *schema.ResourceData, meta int return WrapError(err) } + if objectRaw["Kubeconfig"] != nil { + d.Set("kubeconfig", objectRaw["Kubeconfig"]) + } + return nil } 
@@ -952,6 +1145,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if !d.IsNewResource() && d.HasChange("mesh_config.0.tracing") { update = true jsonPathResult, err := jsonpath.Get("$[0].tracing", d.Get("mesh_config")) 
@@ -1080,84 +1274,76 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i } } - if !d.IsNewResource() && d.HasChange("mesh_config.0.kiali.0.enabled") { + if !d.IsNewResource() && d.HasChange("mesh_config.0.access_log.0.enabled") { update = true - jsonPathResult16, err := jsonpath.Get("$[0].kiali[0].enabled", d.Get("mesh_config")) + jsonPathResult16, err := jsonpath.Get("$[0].access_log[0].enabled", d.Get("mesh_config")) if err == nil { - request["KialiEnabled"] = jsonPathResult16 + request["AccessLogEnabled"] = jsonPathResult16 } } - if !d.IsNewResource() && d.HasChange("mesh_config.0.access_log.0.enabled") { + if d.HasChange("mesh_config.0.sidecar_injector.0.init_cni_configuration.0.exclude_namespaces") { update = true - jsonPathResult17, err := jsonpath.Get("$[0].access_log[0].enabled", d.Get("mesh_config")) + jsonPathResult17, err := jsonpath.Get("$[0].sidecar_injector[0].init_cni_configuration[0].exclude_namespaces", d.Get("mesh_config")) if err == nil { - request["AccessLogEnabled"] = jsonPathResult17 + request["CniExcludeNamespaces"] = jsonPathResult17 } } - if d.HasChange("mesh_config.0.sidecar_injector.0.init_cni_configuration.0.exclude_namespaces") && (d.Get("cluster_spec") == "enterprise" || d.Get("cluster_spec") == "ultimate") { + if d.HasChange("mesh_config.0.sidecar_injector.0.init_cni_configuration.0.enabled") { update = true - jsonPathResult18, err := jsonpath.Get("$[0].sidecar_injector[0].init_cni_configuration[0].exclude_namespaces", d.Get("mesh_config")) + jsonPathResult18, err := jsonpath.Get("$[0].sidecar_injector[0].init_cni_configuration[0].enabled", d.Get("mesh_config")) if err == nil { - request["CniExcludeNamespaces"] = jsonPathResult18 + request["CniEnabled"] = jsonPathResult18 } } - if d.HasChange("mesh_config.0.sidecar_injector.0.init_cni_configuration.0.enabled") && (d.Get("cluster_spec") == "enterprise" || d.Get("cluster_spec") == "ultimate") { - update = true - } - jsonPathResult19, err := 
jsonpath.Get("$[0].sidecar_injector[0].init_cni_configuration[0].enabled", d.Get("mesh_config")) - if err == nil { - request["CniEnabled"] = jsonPathResult19 - } - if !d.IsNewResource() && d.HasChange("mesh_config.0.proxy.0.request_memory") { update = true - jsonPathResult20, err := jsonpath.Get("$[0].proxy[0].request_memory", d.Get("mesh_config")) + jsonPathResult19, err := jsonpath.Get("$[0].proxy[0].request_memory", d.Get("mesh_config")) if err == nil { - request["ProxyRequestMemory"] = jsonPathResult20 + request["ProxyRequestMemory"] = jsonPathResult19 } } if d.HasChange("mesh_config.0.sidecar_injector.0.request_memory") { update = true - jsonPathResult21, err := jsonpath.Get("$[0].sidecar_injector[0].request_memory", d.Get("mesh_config")) + jsonPathResult20, err := jsonpath.Get("$[0].sidecar_injector[0].request_memory", d.Get("mesh_config")) if err == nil { - request["SidecarInjectorRequestMemory"] = jsonPathResult21 + request["SidecarInjectorRequestMemory"] = jsonPathResult20 } } if d.HasChange("mesh_config.0.sidecar_injector.0.limit_memory") { update = true - jsonPathResult22, err := jsonpath.Get("$[0].sidecar_injector[0].limit_memory", d.Get("mesh_config")) + jsonPathResult21, err := jsonpath.Get("$[0].sidecar_injector[0].limit_memory", d.Get("mesh_config")) if err == nil { - request["SidecarInjectorLimitMemory"] = jsonPathResult22 + request["SidecarInjectorLimitMemory"] = jsonPathResult21 } } if d.HasChange("mesh_config.0.sidecar_injector.0.limit_cpu") { update = true - jsonPathResult23, err := jsonpath.Get("$[0].sidecar_injector[0].limit_cpu", d.Get("mesh_config")) + jsonPathResult22, err := jsonpath.Get("$[0].sidecar_injector[0].limit_cpu", d.Get("mesh_config")) if err == nil { - request["SidecarInjectorLimitCPU"] = jsonPathResult23 + request["SidecarInjectorLimitCPU"] = jsonPathResult22 } } if d.HasChange("mesh_config.0.sidecar_injector.0.request_cpu") { update = true - jsonPathResult24, err := jsonpath.Get("$[0].sidecar_injector[0].request_cpu", 
d.Get("mesh_config")) + jsonPathResult23, err := jsonpath.Get("$[0].sidecar_injector[0].request_cpu", d.Get("mesh_config")) if err == nil { - request["SidecarInjectorRequestCPU"] = jsonPathResult24 + request["SidecarInjectorRequestCPU"] = jsonPathResult23 } } if !d.IsNewResource() && d.HasChange("mesh_config.0.opa.0.enabled") { update = true - } - jsonPathResult25, err := jsonpath.Get("$[0].opa[0].enabled", d.Get("mesh_config")) - if err == nil { - request["OpaEnabled"] = jsonPathResult25 + jsonPathResult24, err := jsonpath.Get("$[0].opa[0].enabled", d.Get("mesh_config")) + if err == nil { + request["OpaEnabled"] = jsonPathResult24 + } } if v, ok := d.GetOkExists("customized_prometheus"); ok { 
@@ -1168,66 +1354,66 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i } if d.HasChange("mesh_config.0.sidecar_injector.0.auto_injection_policy_enabled") { update = true - } - jsonPathResult28, err := jsonpath.Get("$[0].sidecar_injector[0].auto_injection_policy_enabled", d.Get("mesh_config")) - if err == nil { - request["AutoInjectionPolicyEnabled"] = jsonPathResult28 + jsonPathResult27, err := jsonpath.Get("$[0].sidecar_injector[0].auto_injection_policy_enabled", d.Get("mesh_config")) + if err == nil { + request["AutoInjectionPolicyEnabled"] = jsonPathResult27 + } } if !d.IsNewResource() && d.HasChange("mesh_config.0.access_log.0.project") { update = true - jsonPathResult29, err := jsonpath.Get("$[0].access_log[0].project", d.Get("mesh_config")) + jsonPathResult28, err := jsonpath.Get("$[0].access_log[0].project", d.Get("mesh_config")) if err == nil { - request["AccessLogProject"] = jsonPathResult29 + request["AccessLogProject"] = jsonPathResult28 } } if d.HasChange("mesh_config.0.access_log.0.gateway_enabled") { update = true - jsonPathResult30, err := jsonpath.Get("$[0].access_log[0].gateway_enabled", d.Get("mesh_config")) + jsonPathResult29, err := jsonpath.Get("$[0].access_log[0].gateway_enabled", d.Get("mesh_config")) if err == nil { - request["AccessLogGatewayEnabled"] = jsonPathResult30 + request["AccessLogGatewayEnabled"] = jsonPathResult29 } } if d.HasChange("mesh_config.0.access_log.0.sidecar_enabled") { update = true - jsonPathResult31, err := jsonpath.Get("$[0].access_log[0].sidecar_enabled", d.Get("mesh_config")) + jsonPathResult30, err := jsonpath.Get("$[0].access_log[0].sidecar_enabled", d.Get("mesh_config")) if err == nil { - request["AccessLogSidecarEnabled"] = jsonPathResult31 + request["AccessLogSidecarEnabled"] = jsonPathResult30 } } if d.HasChange("mesh_config.0.access_log.0.gateway_lifecycle") { update = true - jsonPathResult32, err := jsonpath.Get("$[0].access_log[0].gateway_lifecycle", d.Get("mesh_config")) 
- if err == nil && jsonPathResult32.(int) > 0 { - request["AccessLogGatewayLifecycle"] = jsonPathResult32 + jsonPathResult31, err := jsonpath.Get("$[0].access_log[0].gateway_lifecycle", d.Get("mesh_config")) + if err == nil && jsonPathResult31.(int) > 0 { + request["AccessLogGatewayLifecycle"] = jsonPathResult31 } } if d.HasChange("mesh_config.0.access_log.0.sidecar_lifecycle") { update = true - jsonPathResult33, err := jsonpath.Get("$[0].access_log[0].sidecar_lifecycle", d.Get("mesh_config")) - if err == nil && jsonPathResult33.(int) > 0 { - request["AccessLogSidecarLifecycle"] = jsonPathResult33 + jsonPathResult32, err := jsonpath.Get("$[0].access_log[0].sidecar_lifecycle", d.Get("mesh_config")) + if err == nil && jsonPathResult32.(int) > 0 { + request["AccessLogSidecarLifecycle"] = jsonPathResult32 } } if !d.IsNewResource() && d.HasChange("mesh_config.0.audit.0.project") { update = true - } - jsonPathResult34, err := jsonpath.Get("$[0].audit[0].project", d.Get("mesh_config")) - if err == nil { - request["AuditProject"] = jsonPathResult34 + jsonPathResult33, err := jsonpath.Get("$[0].audit[0].project", d.Get("mesh_config")) + if err == nil { + request["AuditProject"] = jsonPathResult33 + } } if !d.IsNewResource() && d.HasChange("mesh_config.0.audit.0.enabled") { update = true - } - jsonPathResult35, err := jsonpath.Get("$[0].audit[0].enabled", d.Get("mesh_config")) - if err == nil { - request["EnableAudit"] = jsonPathResult35 + jsonPathResult34, err := jsonpath.Get("$[0].audit[0].enabled", d.Get("mesh_config")) + if err == nil { + request["EnableAudit"] = jsonPathResult34 + } } if !d.IsNewResource() && d.HasChange("cluster_spec") { 
@@ -1269,6 +1455,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if d.HasChange("extra_configuration.0.cr_aggregation_enabled") { update = true jsonPathResult, err := jsonpath.Get("$[0].cr_aggregation_enabled", d.Get("extra_configuration")) @@ -1311,6 +1498,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if !d.IsNewResource() && d.HasChange("version") { update = true request["ExpectedVersion"] = d.Get("version") @@ -1351,6 +1539,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if !d.IsNewResource() && d.HasChange("mesh_config.0.control_plane_log.0.enabled") { update = true } 
@@ -1409,9 +1598,165 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if !d.IsNewResource() && d.HasChange("service_mesh_name") { update = true - request["Name"] = d.Get("service_mesh_name") + } + request["Name"] = d.Get("service_mesh_name") + if update { + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) + wait := incrementalWait(3*time.Second, 5*time.Second) + err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError { + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2020-01-11"), StringPointer("AK"), query, request, &runtime) + if err != nil { + if NeedRetry(err) { + wait() + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) + } + addDebug(action, response, request) + return nil + }) + if err != nil { + return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) + } + } + update = false + action = "UpdateKialiConfiguration" + conn, err = client.NewServicemeshClient() + if err != nil { + return WrapError(err) + } + request = make(map[string]interface{}) + query = make(map[string]interface{}) + request["ServiceMeshId"] = d.Id() + + if !d.IsNewResource() && d.HasChange("mesh_config.0.kiali.0.enabled") { + update = true + jsonPathResult, err := jsonpath.Get("$[0].kiali[0].enabled", d.Get("mesh_config")) + if err == nil { + request["Enabled"] = jsonPathResult + } + } + + if d.HasChange("mesh_config.0.kiali.0.custom_prometheus_url") { + update = true + jsonPathResult1, err := jsonpath.Get("$[0].kiali[0].custom_prometheus_url", d.Get("mesh_config")) + if err == nil { + request["CustomPrometheusUrl"] = jsonPathResult1 + } + } + + if d.HasChange("mesh_config.0.kiali.0.integrate_clb") { + update = true + jsonPathResult2, err := jsonpath.Get("$[0].kiali[0].integrate_clb", d.Get("mesh_config")) 
+ if err == nil { + request["IntegrateCLB"] = jsonPathResult2 + } + } + + if d.HasChange("mesh_config.0.kiali.0.kiali_service_annotations") { + update = true + jsonPathResult3, err := jsonpath.Get("$[0].kiali[0].kiali_service_annotations", d.Get("mesh_config")) + if err == nil { + request["KialiServiceAnnotations"] = jsonPathResult3 + } + } + + if d.HasChange("mesh_config.0.kiali.0.kiali_arms_auth_tokens") { + update = true + jsonPathResult4, err := jsonpath.Get("$[0].kiali[0].kiali_arms_auth_tokens", d.Get("mesh_config")) + if err == nil { + request["KialiArmsAuthTokens"] = jsonPathResult4 + } + } + + if d.HasChange("mesh_config.0.kiali.0.auth_strategy") { + update = true + jsonPathResult5, err := jsonpath.Get("$[0].kiali[0].auth_strategy", d.Get("mesh_config")) + if err == nil { + request["AuthStrategy"] = jsonPathResult5 + } + } + + if d.HasChange("mesh_config") { + update = true + objectDataLocalMap := make(map[string]interface{}) + + if v := d.Get("mesh_config"); !IsNil(v) { + redirectUris1, _ := jsonpath.Get("$[0].kiali[0].ram_oauth_config[0].redirect_uris", v) + if redirectUris1 != nil && (d.HasChange("mesh_config.0.kiali.0.ram_oauth_config.0.redirect_uris") || redirectUris1 != "") { + objectDataLocalMap["RedirectUris"] = redirectUris1 + } + + objectDataLocalMapJson, err := json.Marshal(objectDataLocalMap) + if err != nil { + return WrapError(err) + } + request["RAMOAuthConfig"] = string(objectDataLocalMapJson) + } + } + + if d.HasChange("mesh_config") { + update = true + objectDataLocalMap1 := make(map[string]interface{}) + + if v := d.Get("mesh_config"); !IsNil(v) { + clientId1, _ := jsonpath.Get("$[0].kiali[0].open_id_config[0].client_id", v) + if clientId1 != nil && (d.HasChange("mesh_config.0.kiali.0.open_id_config.0.client_id") || clientId1 != "") { + objectDataLocalMap1["ClientId"] = clientId1 + } + clientSecret1, _ := jsonpath.Get("$[0].kiali[0].open_id_config[0].client_secret", v) + if clientSecret1 != nil && 
(d.HasChange("mesh_config.0.kiali.0.open_id_config.0.client_secret") || clientSecret1 != "") { + objectDataLocalMap1["ClientSecret"] = clientSecret1 + } + issuerUri1, _ := jsonpath.Get("$[0].kiali[0].open_id_config[0].issuer_uri", v) + if issuerUri1 != nil && (d.HasChange("mesh_config.0.kiali.0.open_id_config.0.issuer_uri") || issuerUri1 != "") { + objectDataLocalMap1["IssuerUri"] = issuerUri1 + } + scopes1, _ := jsonpath.Get("$[0].kiali[0].open_id_config[0].scopes", d.Get("mesh_config")) + if scopes1 != nil && (d.HasChange("mesh_config.0.kiali.0.open_id_config.0.scopes") || scopes1 != "") { + objectDataLocalMap1["Scopes"] = scopes1 + } + + objectDataLocalMap1Json, err := json.Marshal(objectDataLocalMap1) + if err != nil { + return WrapError(err) + } + request["OpenIdConfig"] = string(objectDataLocalMap1Json) + } + } + + if d.HasChange("mesh_config") { + update = true + objectDataLocalMap2 := make(map[string]interface{}) + + if v := d.Get("mesh_config"); !IsNil(v) { + webFqdn, _ := jsonpath.Get("$[0].kiali[0].server_config[0].web_fqdn", v) + if webFqdn != nil && (d.HasChange("mesh_config.0.kiali.0.server_config.0.web_fqdn") || webFqdn != "") { + objectDataLocalMap2["WebFQDN"] = webFqdn + } + webPort1, _ := jsonpath.Get("$[0].kiali[0].server_config[0].web_port", v) + if webPort1 != nil && (d.HasChange("mesh_config.0.kiali.0.server_config.0.web_port") || webPort1 != "") { + objectDataLocalMap2["WebPort"] = webPort1 + } + webRoot1, _ := jsonpath.Get("$[0].kiali[0].server_config[0].web_root", v) + if webRoot1 != nil && (d.HasChange("mesh_config.0.kiali.0.server_config.0.web_root") || webRoot1 != "") { + objectDataLocalMap2["WebRoot"] = webRoot1 + } + webSchema1, _ := jsonpath.Get("$[0].kiali[0].server_config[0].web_schema", v) + if webSchema1 != nil && (d.HasChange("mesh_config.0.kiali.0.server_config.0.web_schema") || webSchema1 != "") { + objectDataLocalMap2["WebSchema"] = webSchema1 + } + + objectDataLocalMap2Json, err := json.Marshal(objectDataLocalMap2) + if err 
!= nil { + return WrapError(err) + } + request["ServerConfig"] = string(objectDataLocalMap2Json) + } } if update { @@ -1433,6 +1778,11 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i if err != nil { return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) } + serviceMeshServiceV2 := ServiceMeshServiceV2{client} + stateConf := BuildStateConf([]string{}, []string{"running"}, d.Timeout(schema.TimeoutUpdate), 5*time.Second, serviceMeshServiceV2.ServiceMeshServiceMeshStateRefreshFunc(d.Id(), "$.ServiceMeshInfo.State", []string{})) + if _, err := stateConf.WaitForState(); err != nil { + return WrapErrorf(err, IdMsg, d.Id()) + } } if d.HasChange("cluster_ids") { @@ -1452,6 +1802,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if v, ok := item.(string); ok { jsonPathResult, err := jsonpath.Get("$", v) if err != nil { @@ -1498,6 +1849,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if v, ok := item.(string); ok { jsonPathResult, err := jsonpath.Get("$", v) if err != nil { @@ -1552,6 +1904,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + request["Operation"] = "UnBindEip" if v, ok := d.GetOk("load_balancer"); ok { jsonPathResult, err := jsonpath.Get("$[0].pilot_public_eip", v) 
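Review bot: The three blocks that build `RAMOAuthConfig`, `OpenIdConfig` and `ServerConfig` are gated on `d.HasChange("mesh_config")` with no `!d.IsNewResource()` check, so a change anywhere under `mesh_config` sets `update = true` and triggers an UpdateKialiConfiguration request. That request then carries all three JSON objects (`{}` when nothing is configured, and the OpenID client secret when it is), which, depending on how the API treats an empty object, could reset the dashboard's authentication settings on an unrelated edit. Narrowing the conditions to the nested paths avoids this: `d.HasChange("mesh_config.0.kiali.0.ram_oauth_config")`, `d.HasChange("mesh_config.0.kiali.0.open_id_config")`, `d.HasChange("mesh_config.0.kiali.0.server_config")`. The `scopes1 != ""` and `webPort1 != ""` comparisons are always true for a list or an int, and the `jsonpath.Get` errors are discarded with `_`. The request/retry block for this call lies partly outside the hunk.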
@@ -1589,6 +1942,7 @@ func resourceAliCloudServiceMeshServiceMeshUpdate(d *schema.ResourceData, meta i request = make(map[string]interface{}) query = make(map[string]interface{}) request["ServiceMeshId"] = d.Id() + if v, ok := d.GetOk("load_balancer"); ok { jsonPathResult, err := jsonpath.Get("$[0].pilot_public_eip", v) if err == nil && jsonPathResult != "" { @@ -1667,5 +2021,6 @@ func resourceAliCloudServiceMeshServiceMeshDelete(d *schema.ResourceData, meta i if _, err := stateConf.WaitForState(); err != nil { return WrapErrorf(err, IdMsg, d.Id()) } + return nil } diff --git a/alicloud/service_alicloud_service_mesh_v2.go b/alicloud/service_alicloud_service_mesh_v2.go index 842adc83ef86..023645f96408 100644 --- a/alicloud/service_alicloud_service_mesh_v2.go +++ b/alicloud/service_alicloud_service_mesh_v2.go 
@@ -63,6 +63,46 @@ func (s *ServiceMeshServiceV2) DescribeServiceMeshServiceMesh(id string) (object return v.(map[string]interface{}), nil } +func (s *ServiceMeshServiceV2) DescribeDescribeKialiConfiguration(id string) (object map[string]interface{}, err error) { + client := s.client + var request map[string]interface{} + var response map[string]interface{} + var query map[string]interface{} + action := "DescribeKialiConfiguration" + conn, err := client.NewServicemeshClient() + if err != nil { + return object, WrapError(err) + } + request = make(map[string]interface{}) + query = make(map[string]interface{}) + request["ServiceMeshId"] = id + + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) + wait := incrementalWait(3*time.Second, 5*time.Second) + err = resource.Retry(1*time.Minute, func() *resource.RetryError { + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2020-01-11"), StringPointer("AK"), query, request, &runtime) + + if err != nil { + if NeedRetry(err) { + wait() + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) + } + addDebug(action, response, request) + return nil + }) + if err != nil { + if IsExpectedErrors(err, []string{"403", "503", "500"}) { + return object, WrapErrorf(Error(GetNotFoundMessage("ServiceMesh", id)), NotFoundMsg, response) + } + addDebug(action, response, request) + return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR) + } + + return response, nil +} func (s *ServiceMeshServiceV2) DescribeListTagResources(id string) (object map[string]interface{}, err error) { client := s.client var request map[string]interface{} 
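Review bot: `DescribeDescribeKialiConfiguration` maps the error codes `403`, `503` and `500` to a not-found error, which would hide a missing RAM permission or a service outage behind a message saying the mesh does not exist. Because the Read hunk `@@ -919,7 +1031,84 @@` calls this function unconditionally and returns its error, a caller without permission for DescribeKialiConfiguration would see every refresh fail with that misleading message. I would drop the mapping, or restrict it to the API's actual not-found code (not shown on this page), and let the `DefaultErrorMsg` path report the real error. The function also has no doc comment; `// DescribeDescribeKialiConfiguration returns the raw DescribeKialiConfiguration response for the mesh with the given id.` would do. The retry window is a fixed `1*time.Minute` rather than the resource's configured timeout.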
@@ -195,7 +235,7 @@ func (s *ServiceMeshServiceV2) SetResourceTags(d *schema.ResourceData, resourceT request = make(map[string]interface{}) query = make(map[string]interface{}) request["ResourceId.1"] = d.Id() - request["RegionId"] = client.RegionId + query["RegionId"] = client.RegionId request["ResourceType"] = resourceType for i, key := range removedTagKeys { request[fmt.Sprintf("TagKey.%d", i+1)] = key @@ -231,7 +271,7 @@ func (s *ServiceMeshServiceV2) SetResourceTags(d *schema.ResourceData, resourceT request = make(map[string]interface{}) query = make(map[string]interface{}) request["ResourceId.1"] = d.Id() - request["RegionId"] = client.RegionId + query["RegionId"] = client.RegionId request["ResourceType"] = resourceType count := 1 for key, value := range added { diff --git a/website/docs/r/service_mesh_service_mesh.html.markdown b/website/docs/r/service_mesh_service_mesh.html.markdown index ea55d6f0ce2c..e0d888530df6 100644 --- a/website/docs/r/service_mesh_service_mesh.html.markdown +++ b/website/docs/r/service_mesh_service_mesh.html.markdown @@ -8,7 +8,9 @@ description: |- # alicloud_service_mesh_service_mesh -Provides a Service Mesh Service Mesh resource. +Provides a Service Mesh Service Mesh resource. + + For information about Service Mesh Service Mesh and how to use it, see [What is Service Mesh](https://www.alibabacloud.com/help/en/asm/developer-reference/api-servicemesh-2020-01-11-createservicemesh). @@ -18,12 +20,6 @@ For information about Service Mesh Service Mesh and how to use it, see [What is Basic Usage -
- ```terraform provider "alicloud" { region = "cn-hangzhou" @@ -66,119 +62,75 @@ resource "alicloud_service_mesh_service_mesh" "default" { } ``` -creating an enterprise cluster -
- -```terraform -variable "name" { - default = "tf_example" -} - -data "alicloud_zones" "default" { - available_resource_creation = "VSwitch" -} -data "alicloud_service_mesh_versions" "default" { - edition = "Default" -} - -resource "alicloud_vpc" "default" { - vpc_name = var.name - cidr_block = "10.0.0.0/8" -} -resource "alicloud_vswitch" "default" { - vswitch_name = var.name - cidr_block = "10.1.0.0/16" - vpc_id = alicloud_vpc.default.id - zone_id = data.alicloud_zones.default.zones.0.id -} - -resource "alicloud_service_mesh_service_mesh" "default" { - service_mesh_name = var.name - edition = "Pro" - version = reverse(data.alicloud_service_mesh_versions.default.versions).0.version - cluster_spec = "enterprise" - network { - vpc_id = alicloud_vpc.default.id - vswitche_list = [alicloud_vswitch.default.id] - } - load_balancer { - pilot_public_eip = false - api_server_public_eip = false - } -} -``` - ## Argument Reference The following arguments are supported: -* `cluster_ids` - (Optional, Available since v1.166.0.) List of clusters. -* `cluster_spec` - (Optional, ForceNew, Computed, Available since v1.166.0.) Cluster specification. The service mesh instance specification. Valid values: `standard`,`enterprise`,`ultimate`. Default to `standard`. -* `customized_prometheus` - (Optional, Available since v1.211.2) Whether to customize Prometheus. Value: +* `cluster_ids` - (Optional, List) List of clusters. +* `cluster_spec` - (Optional, Computed) Cluster specification +* `customized_prometheus` - (Optional) Whether to customize Prometheus. Value: -'true': custom Prometheus. -'false': Do not customize Prometheus. -Default value: 'false '. -* `edition` - (Optional, ForceNew) Grid instance version type (for example: the standard, the Pro version, etc.). -* `extra_configuration` - (Optional, Computed) Data plane KubeAPI access capability. See [`extra_configuration`](#extra_configuration) below. + + Default value: 'false '. 
+* `edition` - (Optional, ForceNew) Grid instance version type (for example: the standard, the Pro version, etc.) +* `extra_configuration` - (Optional, Computed, List) Data plane KubeAPI access capability See [`extra_configuration`](#extra_configuration) below. * `force` - (Optional) Whether to forcibly delete the ASM instance. Value: -'true': force deletion of ASM instance -'false': no forced deletion of ASM instance -Default value: false. -* `load_balancer` - (Optional, ForceNew) Load balancing information. See [`load_balancer`](#load_balancer) below. -* `mesh_config` - (Optional, ForceNew) Service grid configuration information. See [`mesh_config`](#mesh_config) below. -* `network` - (Required, ForceNew) Service grid network configuration information. See [`network`](#network) below. -* `prometheus_url` - (Optional, Available since v1.211.2) The Prometheus service address (in non-custom cases, use the ARMS address format). -* `service_mesh_name` - (Optional, ForceNew) ServiceMeshName. -* `tags` - (Optional, Map, Available since v1.211.2) The tag of the resource. -* `version` - (Optional, Computed) Service grid version number. The version of the resource. you can look up the version using alicloud_service_mesh_versions. Note: The version supports updating from v1.170.0, the relevant version can be obtained via istio_operator_version in `alicloud_service_mesh_service_meshes`. + + Default value: false +* `load_balancer` - (Optional, Computed, List) Load balancing information See [`load_balancer`](#load_balancer) below. +* `mesh_config` - (Optional, Computed, List) Service grid configuration information See [`mesh_config`](#mesh_config) below. +* `network` - (Required, ForceNew, List) Service grid network configuration information See [`network`](#network) below. +* `prometheus_url` - (Optional) The Prometheus service address (in non-custom cases, use the ARMS address format). 
+* `service_mesh_name` - (Optional) ServiceMeshName +* `tags` - (Optional, Map) The tag of the resource +* `version` - (Optional) Service grid version number ### `extra_configuration` The extra_configuration supports the following: -* `cr_aggregation_enabled` - (Optional) Whether the data plane KubeAPI access capability is enabled. Indicates whether the Kubernetes API of clusters on the data plane is used to access Istio resources. A value of true indicates that the Kubernetes API is used. +* `cr_aggregation_enabled` - (Optional) Whether the data plane KubeAPI access capability is enabled. ### `load_balancer` The load_balancer supports the following: * `api_server_public_eip` - (Optional, ForceNew) Indicates whether to use the IP address of a public network exposed API Server. -* `pilot_public_eip` - (Optional, ForceNew) Indicates whether to use the IP address of a public network exposure Istio Pilot. +* `pilot_public_eip` - (Optional) Indicates whether to use the IP address of a public network exposure Istio Pilot. ### `mesh_config` The mesh_config supports the following: -* `access_log` - (Optional) The access logging configuration. See [`access_log`](#mesh_config-access_log) below. -* `audit` - (Optional, ForceNew, Computed) Audit information. See [`audit`](#mesh_config-audit) below. -* `control_plane_log` - (Optional, ForceNew) Control plane log collection configuration. See [`control_plane_log`](#mesh_config-control_plane_log) below. +* `access_log` - (Optional, List) The access logging configuration. See [`access_log`](#mesh_config-access_log) below. +* `audit` - (Optional, Computed, List) Audit information. See [`audit`](#mesh_config-audit) below. +* `control_plane_log` - (Optional, List) Control plane log collection configuration. See [`control_plane_log`](#mesh_config-control_plane_log) below. * `customized_zipkin` - (Optional) Whether or not to enable the use of a custom zipkin. 
* `enable_locality_lb` - (Optional, ForceNew) Whether to enable service can access the service through the nearest node access. * `include_ip_ranges` - (Optional, Computed) The IP ADDRESS range. -* `kiali` - (Optional) Kiali configuration. See [`kiali`](#mesh_config-kiali) below. -* `opa` - (Optional) The open-door policy of agent (OPA) plug-in information. See [`opa`](#mesh_config-opa) below. +* `kiali` - (Optional, List) Kiali configuration. See [`kiali`](#mesh_config-kiali) below. +* `opa` - (Optional, List) The open-door policy of agent (OPA) plug-in information. See [`opa`](#mesh_config-opa) below. * `outbound_traffic_policy` - (Optional) Out to the traffic policy. -* `pilot` - (Optional, ForceNew) Link trace sampling information. See [`pilot`](#mesh_config-pilot) below. -* `proxy` - (Optional) Proxy configuration. See [`proxy`](#mesh_config-proxy) below. -* `sidecar_injector` - (Optional) Sidecar injector configuration. See [`sidecar_injector`](#mesh_config-sidecar_injector) below. +* `pilot` - (Optional, List) Link trace sampling information. See [`pilot`](#mesh_config-pilot) below. +* `proxy` - (Optional, List) Proxy configuration, the fields under this structure have service segment default values, if not explicitly specified, you need to manually add them based on the return value of the server after the instance is created. See [`proxy`](#mesh_config-proxy) below. +* `sidecar_injector` - (Optional, List) Sidecar injector configuration. See [`sidecar_injector`](#mesh_config-sidecar_injector) below. * `telemetry` - (Optional) Whether to enable acquisition Prometheus metrics (it is recommended that you use [Alibaba Cloud Prometheus monitoring](https://arms.console.aliyun.com/). -* `tracing` - (Optional) Whether to enable link trace (you need to have [Alibaba Cloud link tracking service](https://tracing-analysis.console.aliyun.com/). 
+* `tracing` - (Optional) Whether to enable link trace (you need to have [Alibaba Cloud link tracking service](https://tracing-analysis.console.aliyun.com/) ### `mesh_config-access_log` The mesh_config-access_log supports the following: * `enabled` - (Optional) Whether to enable access log. -* `gateway_enabled` - (Optional, Available since v1.223.1) Whether collect AccessLog of ASM Gateway to Alibaba Cloud SLS. -* `gateway_lifecycle` - (Optional, Computed, Available since v1.223.1) Lifecycle of AccessLog of ASM Gateways which have been collected to Alibaba Cloud SLS. +* `gateway_enabled` - (Optional) Whether collect AccessLog of ASM Gateway to Alibaba Cloud SLS. +* `gateway_lifecycle` - (Optional, Computed, Int) Lifecycle of AccessLog of ASM Gateways which have been collected to Alibaba Cloud SLS. * `project` - (Optional) Access the SLS Project of log collection. -* `sidecar_enabled` - (Optional, Available since v1.223.1) Whether collect AccessLog of ASM Gateway to Alibaba Cloud SLS. -* `sidecar_lifecycle` - (Optional, Computed, Available since v1.223.1) Lifecycle of AccessLog of ASM Sidecars which have been collected to Alibaba Cloud SLS. +* `sidecar_enabled` - (Optional) Whether collect AccessLog of ASM Gateway to Alibaba Cloud SLS. +* `sidecar_lifecycle` - (Optional, Computed, Int) Lifecycle of AccessLog of ASM Sidecars which have been collected to Alibaba Cloud SLS. ### `mesh_config-audit` The mesh_config-audit supports the following: -* `enabled` - (Optional, ForceNew, Computed) Enable Audit. -* `project` - (Optional, ForceNew, Computed) Audit Log Items. +* `enabled` - (Optional, Computed) Enable Audit. +* `project` - (Optional, Computed) Audit Log Items. ### `mesh_config-control_plane_log` 
@@ -186,13 +138,21 @@ The mesh_config-control_plane_log supports the following: * `enabled` - (Required) Whether to enable control plane log collection. Value: -'true': enables control plane log collection. -'false': does not enable control plane log collection. -* `log_ttl_in_day` - (Optional, Computed, Available since v1.223.1) Lifecycle of logs has been collected to Alibaba Cloud SLS. +* `log_ttl_in_day` - (Optional, Computed, Int) Lifecycle of logs has been collected to Alibaba Cloud SLS. * `project` - (Optional) The name of the SLS Project to which the control plane logs are collected. ### `mesh_config-kiali` The mesh_config-kiali supports the following: +* `auth_strategy` - (Optional, Computed, Available since v1.231.0) The authentication strategy used when logging into the mesh topology. In data plane deployment mode, the mesh topology can use token, openid, or ramoauth authentication strategies; in managed mode, the mesh topology can use openid or ramoauth authentication strategies. +* `custom_prometheus_url` - (Optional, Available since v1.231.0) When the mesh topology cannot automatically use the integrated ARMS Prometheus, you need to use this property to specify a custom Prometheus HTTP API Url. The corresponding Prometheus instance needs to have been configured to collect Istio metrics in the cluster within the service mesh. * `enabled` - (Optional) Whether to enable kiali, you must first open the collection Prometheus, when the configuration update is false, the system automatically set this value to false). +* `integrate_clb` - (Optional, Available since v1.231.0) Whether to integrate CLB for mesh topology services to provide external access. 
+* `kiali_arms_auth_tokens` - (Optional, Available since v1.231.0) When the mesh topology automatically uses the integrated ARMS Prometheus, if the ARMS Prometheus instance in the cluster has token authentication enabled, you need to use this property to provide the corresponding authentication token for the mesh topology. The key of the property is the Kubernetes cluster id, and the value is the authentication token of the ARMS Prometheus instance corresponding to the cluster. (Service mesh instance version 1.15.3.113 or above is required). +* `kiali_service_annotations` - (Optional, Available since v1.231.0) Annotations for the Service corresponding to the mesh topology service. When the mesh topology service integrates CLB, annotations can be used to control the CLB specifications. The attribute type is map, the key is the Kubernetes cluster id, and the value is the mesh topology service annotation map under the corresponding Kubernetes cluster. When using the managed mode mesh topology, the key is the service mesh instance id. For annotation content, refer to [Configuring traditional load balancing CLB through Annotation](https://www.alibabacloud.com/help/en/ack/serverless-kubernetes/user-guide/use-annotations-to-configure-load-balancing).(Service mesh instance version 1.17.2.19 or above is required). +* `open_id_config` - (Optional, List, Available since v1.231.0) When the mesh topology's authentication policy is openid, the configuration used when the mesh topology and OIDC application are connected. If the authentication policy is openid, this configuration must be provided. See [`open_id_config`](#mesh_config-kiali-open_id_config) below. +* `ram_oauth_config` - (Optional, List, Available since v1.231.0) When the authentication strategy of the mesh topology is ramoauth, the mesh topology will be connected to the RAM OAuth application to log in with the Alibaba Cloud account. 
In this case, this attribute must be provided to configure the connection with the RAM OAuth application. See [`ram_oauth_config`](#mesh_config-kiali-ram_oauth_config) below. +* `server_config` - (Optional, List, Available since v1.231.0) When you need to configure external access to the mesh topology through ASM gateway or other means, and access the mesh topology through a custom domain name or address, you need to specify this property. (The service mesh instance version must be 1.16.4.5 or above). See [`server_config`](#mesh_config-kiali-server_config) below. ### `mesh_config-opa` 
@@ -208,23 +168,23 @@ The mesh_config-opa supports the following: The mesh_config-pilot supports the following: * `http10_enabled` - (Optional) Whether to support the HTTP1.0. -* `trace_sampling` - (Optional) Link trace sampling percentage. +* `trace_sampling` - (Optional, Float) Link trace sampling percentage. ### `mesh_config-proxy` The mesh_config-proxy supports the following: +* `cluster_domain` - (Optional, ForceNew, Computed) Cluster domain name. * `limit_cpu` - (Optional) CPU resources. * `limit_memory` - (Optional) Memory limit resource. * `request_cpu` - (Optional) CPU requests resources. * `request_memory` - (Optional) A memory request resources. -* `cluster_domain` - (Optional, ForceNew) Cluster domain name. ### `mesh_config-sidecar_injector` The mesh_config-sidecar_injector supports the following: * `auto_injection_policy_enabled` - (Optional) Whether to enable by Pod Annotations automatic injection Sidecar. * `enable_namespaces_by_default` - (Optional) Whether it is the all namespaces you turn on the auto injection capabilities. -* `init_cni_configuration` - (Optional) CNI configuration. See [`init_cni_configuration`](#mesh_config-sidecar_injector-init_cni_configuration) below. +* `init_cni_configuration` - (Optional, Computed, List) CNI configuration. See [`init_cni_configuration`](#mesh_config-sidecar_injector-init_cni_configuration) below. * `limit_cpu` - (Optional) Sidecar injector Pods on the throttle. * `limit_memory` - (Optional) Sidecar injector Pods on the throttle. * `request_cpu` - (Optional) Sidecar injector Pods on the requested resource. 
@@ -236,38 +196,64 @@ The mesh_config-sidecar_injector-init_cni_configuration supports the following: * `enabled` - (Optional) Enable CNI. * `exclude_namespaces` - (Optional) The excluded namespace. +### `mesh_config-kiali-open_id_config` + +The mesh_config-kiali-open_id_config supports the following: +* `client_id` - (Optional, Available since v1.231.0) The client id provided by the OIDC application. +* `client_secret` - (Optional, Available since v1.231.0) The client secret provided by the OIDC application. +* `issuer_uri` - (Optional, Available since v1.231.0) OIDC应用的Issuer URI. +* `scopes` - (Optional, List, Available since v1.231.0) The scope of the mesh topology request to the OIDC application. + +### `mesh_config-kiali-ram_oauth_config` + +The mesh_config-kiali-ram_oauth_config supports the following: +* `redirect_uris` - (Optional, Available since v1.231.0) The redirect Uri provided to the RAM OAuth application. This needs to be the access address of the mesh topology service. When not provided, the redirect Uri will be automatically inferred based on the ServerConfig or the CLB address of the mesh topology integration. + +### `mesh_config-kiali-server_config` + +The mesh_config-kiali-server_config supports the following: +* `web_fqdn` - (Optional, Available since v1.231.0) The domain name or address used when accessing the mesh topology in a custom way. +* `web_port` - (Optional, Int, Available since v1.231.0) The port used when accessing the mesh topology in a custom way. +* `web_root` - (Optional, Available since v1.231.0) The root path of the service when accessing the mesh topology in a custom way. +* `web_schema` - (Optional, Available since v1.231.0) The protocol used when accessing the mesh topology in a custom way. Can only be http or https. + ### `network` The network supports the following: -* `vswitche_list` - (Required, ForceNew) Virtual Switch ID. +* `vswitche_list` - (Required, ForceNew, List) Virtual Switch ID. 
* `vpc_id` - (Required, ForceNew) VPC ID. ## Attributes Reference The following attributes are exported: * `id` - The ID of the resource supplied above. -* `create_time` - Service grid creation time. -* `load_balancer` - Load balancing information. +* `create_time` - Service grid creation time +* `kubeconfig` - Kubeconfig configuration content +* `load_balancer` - Load balancing information * `api_server_loadbalancer_id` - The Instance ID of APIServer Load Balancer. * `pilot_public_loadbalancer_id` - The Instance ID of Pilot Load Balancer. -* `mesh_config` - Service grid configuration information. +* `mesh_config` - Service grid configuration information * `kiali` - Kiali configuration. + * `aggregated_kiali_address` - When the mesh topology is deployed in managed mode and integrated with CLB to provide external access, the external access address is automatically generated. + * `distributed_kiali_access_tokens` - The login token provided when the mesh topology is deployed in data plane deployment mode. When the mesh topology authentication strategy is token, this token can be used to log in to the mesh topology service. The key of the property is the Kubernetes cluster id, and the value of the property is the login token of the mesh topology service in the cluster. + * `distributed_kiali_addresses` - When the mesh topology is deployed in data plane deployment mode and integrated with CLB to provide external access, the external access address is automatically generated. The key of the attribute is the Kubernetes cluster id, and the value is the external access address of the mesh topology service in the cluster. * `url` - Kiali service address. + * `use_populated_arms_prometheus` - Whether the mesh topology automatically uses the integrated ARMS Prometheus. When the integrated ARMS Prometheus is automatically used, there is no need to specify the dependent Prometheus HTTP API Url. * `prometheus` - Prometheus configuration. 
* `external_url` - Prometheus service addresses (enabled external Prometheus when the system automatically populates). * `use_external` - Whether to enable external Prometheus. * `sidecar_injector` - Sidecar injector configuration. * `sidecar_injector_webhook_as_yaml` - Other automatic injection Sidecar configuration (in YAML format). -* `network` - Service grid network configuration information. +* `network` - Service grid network configuration information * `security_group_id` - Security group ID. -* `status` - The status of the resource. +* `status` - The status of the resource ## Timeouts The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration-0-11/resources.html#timeouts) for certain actions: * `create` - (Defaults to 5 mins) Used when create the Service Mesh. -* `delete` - (Defaults to 5 mins) Used when delete the Service Mesh. -* `update` - (Defaults to 5 mins) Used when update the Service Mesh. +* `delete` - (Defaults to 20 mins) Used when delete the Service Mesh. +* `update` - (Defaults to 10 mins) Used when update the Service Mesh. ## Import